From 506ccbe35d401fd6a1d4ea6a564ce1d7a3bb5705 Mon Sep 17 00:00:00 2001 From: Shelvacu Date: Tue, 12 Aug 2025 18:26:23 -0700 Subject: [PATCH] stuff --- default.nix | 8 ------ dns/shelvacu.com.nix | 21 ++++++-------- flake.nix | 5 ++-- modules/packageSet/module.nix | 35 ++++++++++------------ modules/tf2/module.nix | 43 +++++++++++----------------- prophecy/propdata.nix | 22 +++++++------- tests/triple-dezert/default.nix | 41 ++++++++++---------------- triple-dezert/proxied/frontproxy.nix | 16 ++++------- vaculib/lists.nix | 38 ++++++++++++++++++++++++ 9 files changed, 110 insertions(+), 119 deletions(-) create mode 100644 vaculib/lists.nix diff --git a/default.nix b/default.nix index 9fe3432..f3c4d48 100644 --- a/default.nix +++ b/default.nix @@ -23,15 +23,7 @@ let pkgs = import flake.inputs.nixpkgs { inherit system overlays; }; - # inherit (pkgs) lib; - # bySystemAttrs = [ "legacyPackages" "vacuPackages" "packages" "vaculib" "vacuConfig" "devShells" ]; - # flakeThisSystem = lib.listToAttrs (map (attr: lib.nameValuePair attr flake.${attr}.${system}) bySystemAttrs); in pkgs // { nixpkgs-update = { ... }@args: import "${flake.inputs.nixpkgs}/maintainers/scripts/update.nix" ({ include-overlays = overlays; } // args); } -# { -# inherit system flake flakeThisSystem; -# nixpkgsStable = flakeThisSystem.legacyPackages.stable; -# nixpkgsUnstable = flakeThisSystem.legacyPackages.unstable; -# } // flakeThisSystem // flakeThisSystem.vacuPackages diff --git a/dns/shelvacu.com.nix b/dns/shelvacu.com.nix index 9005b7f..c8e1595 100644 --- a/dns/shelvacu.com.nix +++ b/dns/shelvacu.com.nix @@ -1,6 +1,7 @@ { config, lib, + vaculib, ... }: let 
@@ -10,14 +11,12 @@ let prop_ips = s dnsData.propPublicV4; solis_ips = s config.vacu.hosts.solis.primaryIp; mail_thing = s "178.128.79.152"; - allow_report_domains = [ - "dis8.net" - "chat.for.miras.pet" - "jean-luc.org" - "pwrhs.win" - "shelvacu.com" - "shelvacu.miras.pet" - "sv.mt" + # which domains to allow dmarc reports. + # ex: _dmarc.dis8.net TXT has "rua=rua-reports@shelvacu.com", reports will only be sent if shelvacu.com allows them + # allow all domains configured in this repo, and one level of subdomain (ideally all but thats hard, this should be good enough) + allow_report_domains = lib.pipe config.vacu.dns [ + lib.attrNames + (lib.concatMap (domain: [domain "*.${domain}"])) ]; # dmarc_allow = { TXT = [ "v=DMARC1" ]; }; in @@ -98,11 +97,7 @@ in _acme-challenge.CNAME = s "17aa43aa-9295-4522-8cf2-b94ba537753d.auth.acme-dns.io."; }; dav-experiment.A = prop_ips; - "_report._dmarc".subdomains = lib.pipe allow_report_domains [ - (lib.concatMap (domain: [domain "*.${domain}"])) - (map (domain: lib.nameValuePair domain { TXT = "v=DMARC1"; })) - (lib.listToAttrs) - ]; + "_report._dmarc".subdomains = vaculib.mapNamesToAttrsConst { TXT = s "v=DMARC1"; } allow_report_domains; }; }; } diff --git a/flake.nix b/flake.nix index 84696f9..0f5f086 100644 --- a/flake.nix +++ b/flake.nix @@ -93,6 +93,7 @@ lib = import "${nixpkgs}/lib"; overlays = import ./overlays; vacuModules = import ./modules; + vaculib = import ./vaculib { inherit lib; }; defaultSuffixedInputNames = [ "nixvim" "nixpkgs" @@ -106,9 +107,7 @@ let suffix = if unstable then "-unstable" else ""; inputNames = inp ++ defaultSuffixedInputNames; - thisInputsA = builtins.listToAttrs ( - map (name: lib.nameValuePair name allInputs.${name + suffix}) inputNames - ); + thisInputsA = vaculib.mapNamesToAttrs (name: allInputs.${name + suffix}) inputNames; in if inp == "all" then allInputs else thisInputsA // defaultInputs; mkPkgs = 
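Review bot: `allow_report_domains` is now every key of `config.vacu.dns` rather than a reviewed list, so any zone later added to this repo is automatically authorised to direct DMARC reports at shelvacu.com. If that is intended, the comment should say so, e.g. `# NOTE: adding a zone to vacu.dns also opts it in to sending reports here`. The removed list named `chat.for.miras.pet` and `shelvacu.miras.pet`, which look like hosts rather than zones; unless they are keys of `config.vacu.dns`, they lose their `_report._dmarc` record and reports for them would stop. The comment's "one level of subdomain" may also understate the wildcard, since a DNS wildcard generally matches names several labels deep, so please confirm the real coverage and adjust the wording.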
diff --git a/modules/packageSet/module.nix b/modules/packageSet/module.nix index 0231f1e..51be3ce 100644 --- a/modules/packageSet/module.nix +++ b/modules/packageSet/module.nix @@ -54,30 +54,25 @@ let }; }; listToPackageSet = - from: - lib.pipe from [ - (map ( - val: - if builtins.isString val then - nameToPackageSet val - else - assert lib.isDerivation val; - { - name = val.pname or val.name; - value = { - inherit enable; - package = lib.mkDefault val; - }; - } - )) - builtins.listToAttrs - ]; + vaculib.mapListToAttrs ( + val: + if builtins.isString val then + nameToPackageSet val + else + assert lib.isDerivation val; + { + name = val.pname or val.name; + value = { + inherit enable; + package = lib.mkDefault val; + }; + } + ); stringToPackageSet = from: lib.pipe from [ (vaculib.listOfLines { }) - (map nameToPackageSet) - builtins.listToAttrs + (vaculib.mapListToAttrs nameToPackageSet) ]; listOrStringToPackageSet = from: diff --git a/modules/tf2/module.nix b/modules/tf2/module.nix index 80ef17e..884ac4e 100644 --- a/modules/tf2/module.nix +++ b/modules/tf2/module.nix @@ -21,8 +21,7 @@ let "sniper" "spy" ]; - mkAttrsOf = f: list: builtins.listToAttrs (map (v: lib.nameValuePair v (f v)) list); - mkAttrsOfClasses = f: mkAttrsOf f classes; + mapClassesToAttrs = f: vaculib.mapNamesToAttrs f classes; # key: what tf2 calls the key # value: other things you might want to call that key keyAliases = { @@ -385,8 +384,7 @@ let { config, ... }: { options = - (mkAttrsOf ( - key: + (vaculib.mapNamesToAttrsConst ( mkOption { type = types.nullOr bindCommandType; default = null; 
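Review bot: `mapClassesToAttrs` in modules/tf2/module.nix now calls `vaculib.mapNamesToAttrs`, but no hunk for that file touches its argument list, so `vaculib` must already be in scope there. The same applies to `vaculib.mapListToAttrs` in prophecy/propdata.nix. dns/shelvacu.com.nix, tests/triple-dezert/default.nix and frontproxy.nix each add `vaculib` to their arguments in this patch, which suggests it is not bound everywhere. If it is missing, add `vaculib,` to the argument set of both files; the top of each file is outside the hunks, so this cannot be confirmed from the diff.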
@@ -442,40 +440,31 @@ in default = { }; }; } - // mkAttrsOfClasses ( - classname: - mkOption { - type = types.submodule bindsModule; - default = { }; - } - ); + // vaculib.mapNamesToAttrsConst (mkOption { + type = types.submodule bindsModule; + default = { }; + }) classes; autoexecLines = mkOption { type = types.lines; default = ""; }; - classLines = mkAttrsOfClasses ( - classname: - mkOption { - type = types.lines; - default = ""; - } - ); + classLines = vaculib.mapNamesToAttrsConst (mkOption { + type = types.lines; + default = ""; + }) classes; build.autoexec = mkOption { type = types.pkg; readOnly = true; }; - build.classes = mkAttrsOfClasses ( - classname: - mkOption { - type = types.pkg; - readOnly = true; - } - ); + build.classes = vaculib.mapNamesToAttrsConst (mkOption { + type = types.pkg; + readOnly = true; + }) classes; }; config.tf2 = { build.autoexec = pkgs.writeFile "autoexec.cfg" cfg.autoexecLines; - build.classes = mkAttrsOfClasses (classname: pkgs.writeText "${classname}.cfg" cfg.classLines.${classname}); + build.classes = mapClassesToAttrs (classname: pkgs.writeText "${classname}.cfg" cfg.classLines.${classname}); autoexecLines = lib.mkMerge ( [ '' @@ -486,7 +475,7 @@ in ] ++ lib.optional cfg.binds.clear (lib.mkBefore ''unbindall'') ); - classLines = mkAttrsOfClasses (classname: '' + classLines = mapClassesToAttrs (classname: '' // START keybinds from config.tf2.binds.${classname} ${cfg.binds.${classname}._out} // END keybinds from config.tf2.binds.${classname} diff --git a/prophecy/propdata.nix b/prophecy/propdata.nix index 5c231b4..a837b5b 100644 --- a/prophecy/propdata.nix +++ b/prophecy/propdata.nix 
@@ -106,19 +106,17 @@ let diskIds, partitions, }: - builtins.listToAttrs ( - map (id: { - name = diskName groupName id; - value = { - type = "disk"; - device = path_prefix + id; - content = { - type = "gpt"; - inherit partitions; - }; + vaculib.mapListToAttrs (id: { + name = diskName groupName id; + value = { + type = "disk"; + device = path_prefix + id; + content = { + type = "gpt"; + inherit partitions; }; - }) diskIds - ); + }; + }) diskIds; groupAttrs = { es14a = { groupName = "es14a"; diff --git a/tests/triple-dezert/default.nix b/tests/triple-dezert/default.nix index 7ec8524..09d482b 100644 --- a/tests/triple-dezert/default.nix +++ b/tests/triple-dezert/default.nix @@ -1,4 +1,4 @@ -{ inputs, ... }: +{ inputs, vaculib, ... }: { name = "trip-megatest"; @@ -6,36 +6,25 @@ { lib, config, ... }: let domains = builtins.attrNames config.security.acme.certs; - disableAcmes = builtins.listToAttrs ( - map (d: { - name = "acme-${d}"; - value = { - enable = lib.mkForce false; - }; - }) domains - ); - reEnableSelfsigned = builtins.listToAttrs ( - map (d: { - name = "acme-selfsigned-${d}"; - value = { - wantedBy = [ "container@frontproxy.service" ]; - before = [ "container@frontproxy.service" ]; - }; - }) domains - ); + disableAcmes = vaculib.mapListToAttrs (d: { + name = "acme-${d}"; + value = { + enable = lib.mkForce false; + }; + }) domains; + reEnableSelfsigned = vaculib.mapListToAttrs (d: { + name = "acme-selfsigned-${d}"; + value = { + wantedBy = [ "container@frontproxy.service" ]; + before = [ "container@frontproxy.service" ]; + }; + }) domains; unitsToDisable = [ "container@vacustore.service" "container@nix-cache-nginx.service" "openvpn-awootrip.service" ]; - disableUnits = builtins.listToAttrs ( - map (u: { - name = u; - value = { - enable = lib.mkForce false; - }; - }) unitsToDisable - ); + disableUnits = vaculib.mapNamesToAttrsConst { enable = lib.mkForce false; } unitsToDisable; in { imports = [ 
diff --git a/triple-dezert/proxied/frontproxy.nix b/triple-dezert/proxied/frontproxy.nix index 1c91e5e..4aa8073 100644 --- a/triple-dezert/proxied/frontproxy.nix +++ b/triple-dezert/proxied/frontproxy.nix @@ -2,6 +2,7 @@ config, pkgs, lib, + vaculib, ... }: let @@ -31,7 +32,6 @@ let ) domains; message = "proxiedService ${proxiedConfig.name}'s `domain` does not match any of the known domains"; }) proxied; - #networking.hosts = mapListToAttrs (c: lib.nameValuePair c.ipAddress [ c.name ]) proxied; hosts = lib.foldl ( acc: c: let @@ -43,8 +43,7 @@ let else acc // { ${name} = (acc.${name} or [ ]) ++ [ val ]; } ) { } proxied; - mapListToAttrs = f: list: lib.listToAttrs (map f list); - certBindMounts = mapListToAttrs ( + certBindMounts = vaculib.mapListToAttrs ( d: lib.nameValuePair "/certs/${d}" { hostPath = config.security.acme.certs.${d}.directory; @@ -55,10 +54,7 @@ let (lib.filter (c: c.unixSocket != null)) (map (c: builtins.dirOf c.unixSocket)) lib.unique - (map (path: lib.nameValuePair path { - isReadOnly = false; - })) - lib.listToAttrs + (vaculib.mapNamesToAttrsConst { isReadOnly = false; }) ]; bindMounts = certBindMounts // socketBindMounts; in @@ -75,9 +71,9 @@ in postRun = "${pkgs.nixos-container}/bin/nixos-container run frontproxy -- systemctl reload haproxy"; }; - security.acme.certs = mapListToAttrs ( - domain: lib.nameValuePair domain { extraDomainNames = [ "*.${domain}" ]; } - ) domains; + security.acme.certs = vaculib.mapNamesToAttrs (domain: { + extraDomainNames = [ "*.${domain}" ]; + }) domains; users.groups.acme.gid = 993; diff --git a/vaculib/lists.nix b/vaculib/lists.nix new file mode 100644 index 0000000..06b13ef --- /dev/null +++ b/vaculib/lists.nix 
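Review bot: `socketBindMounts` still binds the whole parent directory of every proxied unix socket into the frontproxy container with `isReadOnly = false`, and the compact `(vaculib.mapNamesToAttrsConst { isReadOnly = false; })` form makes that choice easy to overlook. If the proxy only connects to those sockets, a read-only bind may be enough, since connecting does not normally need a writable mount, though that is worth confirming. Otherwise a comment such as `# read-write because <reason>` on that line would record why the container gets write access to host directories. The `let` block this belongs to starts outside the hunk.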
@@ -0,0 +1,38 @@ +{ lib, ... }: +rec { + /** + # Type + + ``` + mapListToAttrs :: (a -> { name :: String; value :: b; }) -> [a] -> { ${name} :: b; } + ``` + */ + mapListToAttrs = + f: + list: + lib.listToAttrs (map f list); + + /** + # Type + + ``` + mapNamesToAttrs :: (${name} -> a) -> [${name}] -> { ${name} :: a; } + ``` + */ + mapNamesToAttrs = + f: + list: + mapListToAttrs (name: { inherit name; value = f name; }); + + /** + # Type + + ``` + mapNamesToAttrsConst :: a -> [${name}] -> { ${name} :: a; } + ``` + */ + mapNamesToAttrsConst = + a: + list: + mapNamesToAttrs (_: a); +}
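Review bot: `mapNamesToAttrs` and `mapNamesToAttrsConst` bind a `list` parameter but never pass it on, so a full call such as `vaculib.mapNamesToAttrs f classes` evaluates to a function still waiting for a list, not an attribute set. Either forward the argument, `mapListToAttrs (name: { inherit name; value = f name; }) list;` and `mapNamesToAttrs (_: a) list;`, or drop the `list:` binder from both so they are point-free. Every new caller in this patch depends on these two helpers (the `_report._dmarc` records, `security.acme.certs`, the socket bind mounts, the tf2 options, `disableUnits`), so evaluating one of those outputs before merging would catch it. No change to `vaculib/default.nix` appears in the patch either, so please confirm that `import ./vaculib` actually picks up the new `lists.nix`.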